Published on August 10th, 2012 | by NJ Ouchn
Web Application Exploiter (WAppEx) v1.0 in the wild
Regular database updates are available. Top priorities are high-risk and zero-day vulnerabilities. The payloads used in exploits are reliable and include connect-back, listener shell, arbitrary code execution, arbitrary file upload,…
- SQL Injection:
The most dangerous vulnerability in web applications. WAppEx uses the Havij – Advanced SQL Injection Tool engine to find and exploit this vulnerability.
- Remote File Inclusion:
It allows an attacker to include a remote file. WAppEx can check for this vulnerability and run various payloads to execute commands on the web server.
- Local File Inclusion:
It allows an attacker to include a local file. Just as with RFI, WAppEx tests for and exploits this vulnerability.
- OS Commanding:
It lets the attacker execute OS commands on the server. WAppEx tests for and exploits this vulnerability to execute custom commands and get a reverse shell.
- Script injection:
It can be used by an attacker to introduce (or “inject”) script into a web application. WAppEx automatically tests for and exploits this vulnerability to escalate access to the web server and get a reverse shell.
- Local File Disclosure:
As the name says, it discloses the content of local files on the web server. WAppEx can exploit this vulnerability to read sensitive files on the server.
- Online Hash Cracker: A tool for cracking hashes using reverse lookup on online sites.
- Encoder/Decoder: An encoder/decoder with a complete set of encryption algorithms.
- Find Login Page: It looks for login pages on a target.
- Browser: A small browser you can use to view source code and HTTP headers.
WAppEx is easy to use and flexible. Whether you’re a beginner or a professional, using WAppEx makes your work easier, faster and more effective.